Presentation is loading. Please wait.

Presentation is loading. Please wait.

Negotiating Unsolicited Connections to a Service Listening Behind a Firewall Ben Stroud CS525 Spring 10.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Negotiating Unsolicited Connections to a Service Listening Behind a Firewall Ben Stroud CS525 Spring 10."— Presentation transcript:

1 Negotiating Unsolicited Connections to a Service Listening Behind a Firewall Ben Stroud CS525 Spring 10

2  So What is the Problem Anyway?  How Port Prediction Works  Implementation Issues  Success Rates  Not Covering ◦ Alternative Solutions ◦ Security Concerns  Questions 4/23/2010 Stroud 2

3  Firewalls will generally not allow unsolicited connections from the outside world into the “protected zone”.  To participate in peer to peer networks users have to open ports.  How to keep users from having to manually configure routers? 4/23/2010 Stroud 3

4 4/23/2010 Stroud 4 Live Online Streaming of Television Via a Distributed Network

5 4/23/2010 Stroud 5

6  For Large Networks Negotiation Server Must be very Robust ◦ Overlapped I/O with large pool of sockets  UDT ◦ TCP has additional considerations ◦ Implementation this is based on used UDP ◦ We still needed TCP delivery guarantees ◦ TCP + UDP = UDT 4/23/2010 Stroud 6

7  Able to bypass 95% of consumer level routers  Failures due to port prediction or bad connections?  Unable to predict random offsets  Won’t work on the Most Restrictive Networks ◦ Confined to HTTP for inbound traffic 4/23/2010 Stroud 7

8 4/23/2010 Stroud 8

9 4/23/2010 Stroud 9  See Full Report

Download ppt "Negotiating Unsolicited Connections to a Service Listening Behind a Firewall Ben Stroud CS525 Spring 10."

Similar presentations

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.

Caltech Proprietary Videoconferencing Security in VRVS 3.0 and Future Videoconferencing Security in VRVS 3.0 and Future Kun Wei California Institute of.
Todd Tannenbaum Condor Team GCB Tutorial OGF 2007.

Todd Tannenbaum Condor Team GCB Tutorial OGF 2007.
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.1 Firewalls.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.1 Firewalls.
Guide to Network Defense and Countermeasures Second Edition

Guide to Network Defense and Countermeasures Second Edition
Skype & Network Management Taken from class reference : An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol Salman A. Baset and Henning Schulzrinne.

Skype & Network Management Taken from class reference : An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol Salman A. Baset and Henning Schulzrinne.
Fall 2008CS 334: Computer Security1 Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for.

Fall 2008CS 334: Computer Security1 Firewalls Special Thanks to our friends at The Blekinge Institute of Technology, Sweden for providing the basis for.
Local Wireless Network - An wireless Access Point (AP) which is the bridge the ethernet network and the wireless network -The AP protect its wireless network.

Local Wireless Network - An wireless Access Point (AP) which is the bridge the ethernet network and the wireless network -The AP protect its wireless network.
Standard, Extended and Named ACL.  In this lesson, you will learn: ◦ Purpose of ACLs  Its application to an enterprise network ◦ How ACLs are used to.

Standard, Extended and Named ACL.  In this lesson, you will learn: ◦ Purpose of ACLs  Its application to an enterprise network ◦ How ACLs are used to.
Chapter 7 Firewalls. Firewall Definition  A network device that enforces network access control based upon a defined security policy.

Chapter 7 Firewalls. Firewall Definition  A network device that enforces network access control based upon a defined security policy.
V0.01 © 2009 Research In Motion Limited Introduction to Java Application Development for the BlackBerry Smartphone Trainer name Date.

V0.01 © 2009 Research In Motion Limited Introduction to Java Application Development for the BlackBerry Smartphone Trainer name Date.
Circuit & Application Level Gateways CS-431 Dick Steflik.

Circuit & Application Level Gateways CS-431 Dick Steflik.
Transport Layer Flow. Socket Connections UDP Segment Structure.

Transport Layer Flow. Socket Connections UDP Segment Structure.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Chapter 8 PIX Firewall. Adaptive Security Algorithm (ASA)  Used by Cisco PIX Firewall  Keeps track of connections originating from the protected inside.

Chapter 8 PIX Firewall. Adaptive Security Algorithm (ASA)  Used by Cisco PIX Firewall  Keeps track of connections originating from the protected inside.
Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.

Hafez Barghouthi. Model for Network Access Security (our concern) Patrick BoursAuthentication Course 2007/20082.
Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.
TCOM 515 Lecture 6.

TCOM 515 Lecture 6.
Enabling Embedded Systems to access Internet Resources.

Enabling Embedded Systems to access Internet Resources.

Similar presentations

Ads by Google